Welcome to the Powertech Encryption for IBM i DCM Configuration Guide

To make use of the Powertech Encryption for IBM i HTTP APIs, it is necessary to configure and run an HTTP Server Instance. Find instructions on how to do configure and run in the Powertech Encryption for IBM i HTTP Guide. The APIs can be used with or without SSL enabled.  This Powertech Encryption for IBM i DCM Configuration Guide provides the IBM Digital Certificate Manager tasks necessary to secure the connection between the HTTP APIs and the HTTP server they communicate with. The following diagram illustrates the three main choices for levels of security and where they are covered:

Single IBM i or Multiple System i

The Powertech Encryption for IBM i HTTP APIs can be used in an application to communicate with a Powertech Encryption for IBM i HTTP server instance on the same IBM i system. In this scenario, it is not necessary (though possible) to use SSL. This would be a legitimate scenario for using option 1 in the previous diagram. The remainder of this document addresses situations where multiple IBM i are to be used.

Public or Private Certificates

The choice of using public certificates or private certificates affects the configuration tasks on the client system for option 3 above.  If a public certificate is used, then it is not necessary to load it on the client system. This is because the Digital Certificate Manager is pre-loaded with credentials from the major public certificate issuers. If a private certificate is used (generated on the server system), then it typically needs to be loaded into DCM on the client system before the SSL connection will work.

For option 2, the server certificate can be public or private without affecting the client configuration.